Changes in MySQL 5.7.15 (2016-09-06, General Availability)

Security Notes

The validate_password plugin now supports the
capability of rejecting passwords that match the current session
user name, either forward or in reverse. To enable control over
this capability, the plugin exposes a
validate_password_check_user_name
system variable. By default, this variable is disabled; the
default will change to enabled in MySQL 8.0. For more
information, see
Password Validation Plugin Options and Variables.

Test Suite Notes

In mysql-test-run.pl, a limit of 50 was
imposed on the number of workers for parallel testing, which on
systems with more than 50 CPUs resulted in exhaustion of unique
thread IDs. The ID-exhaustion problem has been corrected, and
the limit of 50 on number of workers has been lifted. Thanks to
Daniel Black for the patch on which this change was based.
Additionally, these changes were made:

To avoid idle workers, the number of parallel workers now is
limited to the number of tests.

Previously, if --parallel=auto was given
and the MTR_MAX_PARALLEL environment
variable was not set, a limit of 8 was imposed on the number
of parallel workers. This limit has been lifted.

(Bug #22342399, Bug #79585)

Functionality Added or Changed

InnoDB:
A new dynamic configuration option,
innodb_deadlock_detect, may be
used to disable deadlock detection. On high concurrency systems,
deadlock detection can cause a slowdown when numerous threads
wait for the same lock. At times, it may be more efficient to
disable deadlock detection and rely on the
innodb_lock_wait_timeout
setting for transaction rollback when a deadlock occurs.
(Bug #23477773)

The systemd support script for the unit file
(mysqld_pre_systemd) now assists in
creating the error log file only if its location matches the
pattern /var/log/mysql*.log. In other cases, the error log
directory must be writable or the error log must be present and
writable for the user running the mysqld
process. Also, mysqld_pre_systemd now
avoids creating insecure temporary files.
(Bug #24516262)

The CMakeWITH_LZ4 option has been added to
control which LZ4 library is used during compilation. By default
WITH_LZ4 is set to
bundled, so the library provided with MySQL
is used. Setting WITH_LZ4 to
system uses the LZ4 library from the
operating system.
(Bug #23607230)

InnoDB:
An online DDL operation on a table with indexed
BLOB columns raised an assertion
during logging of table modifications.
(Bug #23760086)

InnoDB:
In some cases, code that locates a buffer pool chunk
corresponding to given pointer returned the wrong chunk. Thanks
to Alexey Kopytov for the patch.
(Bug #23631471, Bug #79378)

InnoDB:
A global counter (ut_rnd_ulint_counter) was
changed to a thread-local counter to make it scalable on
multi-core systems.
(Bug #22733635, Bug #80354)

Replication:
The addition of the
transaction-write-set-extraction=XXH64
option uses xxHash symbols from liblz4. Although the xxHash
symbols are exported by liblz4, the header file is not part of
the API, so compilation failed when building with
WITH_LZ4=system. The fix ensures
that xxHash is built separately from liblz4 so that it is
available both when using the system and bundled LZ4 libraries.
(Bug #82426, Bug #24399819)

References: See also: Bug #23607230.

Replication:mysqlbinlog --read-from-remote-server log1
log2 was opening a new connection for
log2 without freeing the connection used for
log1. Thanks to Laurynas Biveinis for the
contribution.
(Bug #81675, Bug #23540182)

Replication:
With binlog_row_image=FULL,
when updating single tables temporary tables were unnecessarily
being used. The fix ensures single table update follows the same
pattern as multi-table update.
(Bug #79867, Bug #22510353)

mysqld_safe attempted to read
my.cnf in the data directory, although that
is no longer a standard option file location.
(Bug #24482156)

For mysqld_safe, the argument to
--malloc-lib now must be one
of the directories /usr/lib,
/usr/lib64,
/usr/lib/i386-linux-gnu, or
/usr/lib/x86_64-linux-gnu. In addition, the
--mysqld and
--mysqld-version options are
accepted only on the command line, not in option files.
(Bug #24464380)

References: See also: Bug #24619033, Bug #82920.

It was possible to write log files ending with
.ini or .cnf that
later could be parsed as option files. The general query log and
slow query log can no longer be written to a file ending with
.ini or .cnf.
(Bug #24388753)

Privilege escalation was possible by exploiting the way
REPAIR TABLE used temporary
files.
(Bug #24388746)

If the basedir system variable was set at
server startup from the command line or option file, the value
was not normalized (on Windows, / was not
replaced with \).
(Bug #23747899, Bug #82125)

Queries that satisfied the following conditions could return
different results than in MySQL 5.6: 1) A subquery appeared in
the select list; 2) The subquery contained a
WHERE condition that referenced a value in
the outer query; 3) The outer query contained a GROUP
BY that required creation of a temporary table.
(Bug #23049975)

Passwords that were rejected by the
validate_password plugin were written by the
server to the error log as cleartext.
(Bug #22922023)

A prepared statement that used a parameter in the select list of
a derived table that was part of a join could cause a server
exit.
(Bug #22392374, Bug #24380263)

MEDIUMINT columns used in
operations with long integer values could result in buffer
overflow.
(Bug #19984392)

A spurious ER_NO_SUCH_TABLE
error could occur when attempting to execute a prepared
CREATE TABLE ... SELECT statement that used a
temporary table in the FROM clause and called
a stored function. The same error could occur for a nonprepared
version of the statement if used in a stored procedure when the
procedure was re-executed.
(Bug #16672723, Bug #68972)

EINTR handling in the client library has been
fixed so that interrupted read and write calls are retried.
Previously, EINTR was ignored.
(Bug #82019, Bug #23703570)